North Korean hackers have begun using smart contracts on blockchains for malware delivery, leveraging the EtherHiding technique to evade detection and facilitate espionage activities. This development complicates campaign tracking and highlights the growing sophistication of North Korea's cyber operations targeting cryptocurrency and web developers. #EtherHiding #JADESNOW
Keypoints
- North Korean threat actors have adopted the EtherHiding technique to host malware on blockchain smart contracts.
- The method allows stealthy, low-cost, and flexible delivery of malicious payloads through Ethereum and Binance Smart Chain.
- Fake job interview scams serve as the infection vector, prompting targets to run malicious code during technical assessments.
- The malware, including JADESNOW, can exfiltrate credentials and files, operating in memory to avoid detection.
- Security measures should include restricting risky downloads, controlling browser updates, and enforcing strict web policies.